Convert to prompt=no, with per cert config files. This avoids all

interaction with the user. The main point to note is that for the
clients, there is a localnode.cnf and a ronnode.cnf. The difference is
that I encode the type (pcron) in one of the extra fields so that tmcd
can do a check on it. This is in lieu of per client certs, which would
be a big pain in the butt right now. As we add other remote groups, we
will create new config files. I bet this will change over time, as
we learn more.
Chad, it would be nice the tiptunnel cert could be generated from this
setup.